Cyber war law: You must know this

Source: Internet
Author: User
Tags notpetya


Recently, the New York Times reported that the United States may use nuclear weapons to counter destructive cyber attacks by hostile countries. In November 2017, a video entitled "Slaughterbots" spread widely on social media, alleging that "artificial intelligence (AI)-controlled drone fleets can launch precise attacks against thousands of unprotected victims." These two reports have drawn public attention and made the point that the military needs to think deeply about the future of traditional and modern cyber warfare, anticipate how these types of warfare will converge, and prepare corresponding countermeasures.

Recent media reports contain reflections on the laws of war and their application in the era of network warfare. Looking at the network attacks of recent years, especially the attacks against Ukraine by APT28 (also known as "Fancy Bear", "Pawn Storm", "sandbug", "Sednit", and "Sofacy"), along with the Trisis (Triton) malware attacks launched on civil targets by unknown hacker organizations, it is imperative to discuss the "cyber war law".

Cyber war law: You must know this

Under international law, regular and organized military operations are governed by a set of strict approval procedures and command systems. We cannot deny that some countries interpret the "legal use of force" loosely. However, it is recognized that all warring parties in the world need to avoid, and carefully consider, attacks against civilians, civil infrastructure, places of worship, and sites of cultural or historical significance.

When the warring parties exploit the protected civil facilities and specific locations listed above, the problem becomes serious. Building on the Oxford Manual of the customary laws of war of 1880, the Hague Conventions of 1899 and 1907 formed the body of the so-called law of war. From these we have the first basic principle of the law of war: the principle of distinction.

In terms of the legal use of weapons, the principle of distinction is a guiding principle that must be followed, and this includes the use of network weapons. According to international humanitarian law, warring parties must distinguish between combatants and civilians. However, an extension of this principle may be controversial: is the infrastructure in a war zone counted as a military facility or a civil facility? Can you call it?

The principle of proportionality in the use of force also applies to the legal use of weapon systems (including network weapons). The use of weapons must take into account the harm done to civilians and their property. Such harm cannot exceed the military advantage obtained. This requires combatants to carefully calculate the scope of a weapon's impact and to weigh the potential damage to civilians (and civil infrastructure) against the effect of the attack on combatants (and military facilities).

Another principle that needs to be taken into account when evaluating the legitimacy of the use of weapon systems is the principle of military necessity. This principle holds that only opponents may be harmed in battle, and that no unnecessary damage may be done outside of combat. In addition, this principle prohibits the abuse of prisoners and torture for non-military purposes. Although applying this to cyber weapons may seem far-fetched, the principle of military necessity is supported by the Lieber Code. The Lieber Code further defines what this principle prohibits: basically, any hostile action that makes reconstruction and the return to peace more difficult is prohibited.

Finally, the principles governing the use of weapons also include the principle of unnecessary suffering. Article 35 of Additional Protocol I prohibits the use of weapons, ammunition and materials and, in essence, methods of warfare that cause excessive harm or unnecessary suffering.

Therefore, taking into account the four principles of the law of war above, a warring party violates the law of war if the weapons or network weapons it uses are indiscriminate, are disproportionate (civil damage is greater than military damage), make the return to peace more difficult, or cause unnecessary suffering.

Military operations

When developing a war doctrine that integrates network weapons into military operations, it is necessary to ensure that existing publicly known technologies, such as vulnerability exploitation, worms, and Trojan rootkits, comply with the principles of the law of war described above.

1. Vulnerability Exploitation

Basically, this refers to an undisclosed zero-day vulnerability that can be exploited to gain control over information technology devices. The Trisis (Triton) malware mentioned above is a zero-day vulnerability attack.

2. Worms

A self-replicating network weapon that can search for specific vulnerabilities, exploit them, and infect any connected hosts. The WannaCry ransomware that broke out in 2017 has worm characteristics.

3. Trojan rootkit

Resident malware that is difficult to remove and that lets attackers control the target computer system. The "DoublePulsar" Trojan, said to have been produced by the NSA, is an example of this type of malware.

If the above technologies are used to conduct espionage against the target infrastructure, they cannot be classified as weapons, because no destructive function has been shown. However, attackers can manipulate controlled hosts at any time to download destructive payloads, transforming them into "network weapons" that destroy the infected infrastructure or degrade connected systems. The systems connected to the target computer system are the problem, and they should be identified and confirmed before the destructive action is triggered.

Fortunately, the US military's field manual on network warfare and electronic warfare (FM 3-12) provides US soldiers with a guide to the use of network weapons, so that soldiers follow the same strict command procedures and authorizations for network weapons as for physical weapon systems.

The following lists some technical control requirements for network weapons in wartime and post-war situations:

Vulnerabilities used in network attacks should be disclosed after the truce, so as to be cleared afterwards;

Detailed records of target or infected military and civil facilities should be kept;

Fully confirm the target (PID) before initiating the destructive loads of network weapons;

There should be additional non-Cyber Intelligence and legal bodies that support and confirm that the initiation of destructive loads complies with the laws of war;

The destructive load cannot be started selectively;

The Trojan rootkit should be set to uninstall itself after a predefined period;

Self-replication technology (worm) can be deployed only when it is extremely unlikely to spread to non-target infrastructure;

The target infrastructure should mainly be military facilities;

The use of vulnerability exploitation, worms, and Trojan rootkits on Industrial Control Systems (ICS) and supervisory control and data acquisition (SCADA) systems should be subject to the strictest target selection review.

Challenges posed by network weapons

Basically, weapons are clearly identifiable. Bombs, missiles, and tanks are certainly defined as destructive weapons. However, there is an unavoidable problem with weapons: dual-use technology. For example, a land-based missile system requires some form of power, which civil generator vehicles can supply, and civil shovel excavators can also be used to dig battlefield fortifications. These technologies are dual-purpose, and attacking these systems will obviously "increase the difficulty of returning to peace".

Network weapons are very difficult to identify. Unless their destructive loads are triggered, they are basically deployed as spyware and do not violate the law of war. Under articles 2-3 of Rule 30 of the Tallinn Manual, this does not constitute an attack:

The concept of "attack" is the basis for specific restrictions and prohibitions in the law of armed conflict. For example, civilians and civil targets may not be "attacked" (Rule 32). The rule explains Article 49 of Additional Protocol I: "attacks mean violent acts against opponents, whether they are offensive or defensive."

According to this widely recognized definition, the use of violence against the target is the criterion that distinguishes attacks from other military operations. Non-violent actions, such as psychological warfare or cyber espionage, are not considered attacks.

As the recent global cyber security attacks show, the NSA's protection of its network vulnerability exploitation tools and Trojans was ineffective, resulting in the outbreak of the WannaCry, NotPetya and BadRabbit attacks. The IT security field generally believes that WannaCry came from North Korea, while Russia is responsible for NotPetya and BadRabbit. All of these are large-scale, self-replicating, indiscriminate network weapons. Such attacks can have serious consequences if they cause physical damage to infrastructure and lead to casualties, not just economic losses.

The International Red Cross Society, NATO, the United Nations and other international organizations should develop strict laws and regulations on the development and use of destructive network weapons, and should subject network weapons to strict legal and security reviews and restrictions like those that constrain nuclear weapons and biochemical weapons.
